Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/blackhatethicalhacking/fetchmeurls

A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)
https://github.com/blackhatethicalhacking/fetchmeurls

bugbounty bugbountytool recon reconnaissance

Last synced: 8 days ago
JSON representation

A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)

Host: GitHub
URL: https://github.com/blackhatethicalhacking/fetchmeurls
Owner: blackhatethicalhacking
License: gpl-3.0
Created: 2023-10-03T15:13:45.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-09-06T13:28:21.000Z (5 months ago)
Last Synced: 2025-01-15T21:17:34.157Z (23 days ago)
Topics: bugbounty, bugbountytool, recon, reconnaissance
Language: Shell
Homepage: https://www.blackhatethicalhacking.com
Size: 66.4 KB
Stars: 72
Watchers: 3
Forks: 14
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# fetchmeurls by BHEH

A very powerful yet quick Recon Tool written by Black Hat Ethical Hacking

# Description

**FetchmeURLs** is a Powerful Recon Tool written by Chris 'SaintDruG' Abou-Chabké from Black Hat Ethical Hacking, designed for Bug Bounty Hunters to quickly fetch URLs for multiple domains as part of a small or large scope actively and passively. It uses **Waybackurls** and **GoBuster** to fetch URLs, combining both powers Active / Passive and then pipes the results after saving them into a new file probing each one using **httpx**. It will also display the status and progress such as how many URLs it found before and after the probing is done so that the user is aware what sort of attack vectors they can use after the Recon has been done.

### **Double Action: Passive and Active combined and Probed**

![Looks like it's Recon time!](https://github.com/blackhatethicalhacking/fetchmeurls/assets/13942386/cfaab7b8-8d85-4316-a354-562031ca703b)

The idea is, you need to perform this once, then after you have the final URLs, you can use things like gf patterns from the URLs you fetched, to plan your next attack vectors. For examples you can use cariddi to find secrets, Nuclei on specific templates, Dalfox to find XSS Injection, SQLMap to find SQLi Injections, SSRF, Open Redirect, Website screenshots or just manual exploration.

Because it allows you to choose a custom wordlist, you have the flexibility to choose small, medium or big wordlists for the active fuzzing part with Gobuster, as this takes time but gets you more results than passive, you control the time because you provide the wordlist according to your needs. Can work well with SecLists too.

Recon is the most important part, if you want to one-line all that so you can then focus on the attack Vectors, this tool will help you do that accurately and does what it says it does.

# Installation

`git clone https://github.com/blackhatethicalhacking/fetchmeurls.git`

`cd fetchmeurls`

`chmod +x fetchmeurls.sh`

`./fetchmeurls.sh`

Once the results are saved, make sure to check this: `final_urls_probed_for_domainname.txt`.

# Requirements

You need to have:

- [waybackurls](https://github.com/tomnomnom/waybackurls)
- [httpx](https://github.com/projectdiscovery/httpx)
- [gobuster](https://github.com/OJ/gobuster)
- [lolcat](https://github.com/busyloop/lolcat)

Make sure to have these 4 installed, before you run our Tool. It works on Debian, MacOS, Ubuntu, Kali Linux, Parrot.

# Screenshots

![fetchmeurls](https://github.com/blackhatethicalhacking/fetchmeurls/assets/13942386/b386407b-d741-4115-b1e7-965a112e3780)

![fetchmeurls2](https://github.com/blackhatethicalhacking/fetchmeurls/assets/13942386/da3b5e09-3642-427c-b065-e4395ec349c0)

# Updates

V1.0 is Released

# Disclaimer

This tool is provided for educational and research purpose only. The author of this project are no way responsible for any misuse of this tool.
We use it to test under NDA agreements with clients and their consents for pentesting purposes and we never encourage to misuse or take responsibility for any damage caused !

BHEH Official Merch

Introducing our Merch Store, designed for the Offensive Security community. Explore a curated collection of apparel and drinkware, perfect for both professionals and enthusiasts. Our selection includes premium t-shirts, hoodies, and mugs, each featuring bold hacking-themed slogans and graphics that embody the spirit of red teaming and offensive security.
Hack with style and showcase your dedication to hacker culture with gear that’s as dynamic and resilient as you are. 😊